U 3 d;?@sXddlZddlmZddlmZddlmZddlmZddl m Z GdddeZ dS) N)json)AWSQueryConnection) RegionInfo)JSONResponseError) exceptionscseZdZdZdZdZdZdZdZe Z e j e j e jdZfdd Zd d Zd d Zd1ddZd2ddZddZddZddZddZd3ddZd4ddZdd Zd!d"Zd5d#d$Zd6d%d&Zd7d'd(Zd8d)d*Z d9d+d,Z!d-d.Z"d/d0Z#Z$S):CloudHSMConnectionz AWS CloudHSM Service z 2014-05-30z us-east-1z cloudhsm.us-east-1.amazonaws.comZCloudHSMZCloudHsmFrontendService)InvalidRequestExceptionCloudHsmServiceExceptionCloudHsmInternalExceptionc sZ|dd}|s t||j|j}d|ks4|ddkr>|j|d<tt|jf|||_dS)Nregionhost) poprDefaultRegionNameDefaultRegionEndpointendpointsuperr__init__r )selfkwargsr  __class__8/tmp/pip-unpacked-wheel-d7dsrkjd/boto/cloudhsm/layer1.pyr1s  zCloudHSMConnection.__init__cCsdgS)Nzhmac-v4r)rrrr_required_auth_capability=sz,CloudHSMConnection._required_auth_capabilitycCsd|i}|jdt|dS)a Creates a high-availability partition group. A high- availability partition group is a group of partitions that spans multiple physical HSMs. :type label: string :param label: The label of the new high-availability partition group. LabelZ CreateHapgactionbody make_requestrdumps)rlabelparamsrrr create_hapg@s zCloudHSMConnection.create_hapgNc Csb||||d} |dk r|| d<|dk r.|| d<|dk r>|| d<|dk rN|| d<|jdt| dS) a Creates an uninitialized HSM instance. Running this command provisions an HSM appliance and will result in charges to your AWS account for the HSM. :type subnet_id: string :param subnet_id: The identifier of the subnet in your VPC in which to place the HSM. :type ssh_key: string :param ssh_key: The SSH public key to install on the HSM. :type eni_ip: string :param eni_ip: The IP address to assign to the HSM's ENI. :type iam_role_arn: string :param iam_role_arn: The ARN of an IAM role to enable the AWS CloudHSM service to allocate an ENI on your behalf. :type external_id: string :param external_id: The external ID from **IamRoleArn**, if present. :type subscription_type: string :param subscription_type: The subscription type. :type client_token: string :param client_token: A user-defined token to ensure idempotence. Subsequent calls to this action with the same token will be ignored. :type syslog_ip: string :param syslog_ip: The IP address for the syslog monitoring server. )SubnetIdZSshKey IamRoleArnZSubscriptionTypeNEniIp ExternalIdZ ClientTokenSyslogIpZ CreateHsmrr) r subnet_idZssh_key iam_role_arnZsubscription_typeeni_ip external_idZ client_token syslog_ipr"rrr create_hsmNs &zCloudHSMConnection.create_hsmcCs,d|i}|dk r||d<|jdt|dS)a( Creates an HSM client. :type label: string :param label: The label for the client. :type certificate: string :param certificate: The contents of a Base64-Encoded X.509 v3 certificate to be installed on the HSMs used by this client. CertificateNrZCreateLunaClientrr)r certificater!r"rrrcreate_luna_clients z%CloudHSMConnection.create_luna_clientcCsd|i}|jdt|dS)z Deletes a high-availability partition group. :type hapg_arn: string :param hapg_arn: The ARN of the high-availability partition group to delete. HapgArnZ DeleteHapgrrrhapg_arnr"rrr delete_hapgs zCloudHSMConnection.delete_hapgcCsd|i}|jdt|dS)z Deletes an HSM. Once complete, this operation cannot be undone and your key material cannot be recovered. :type hsm_arn: string :param hsm_arn: The ARN of the HSM to delete. HsmArnZ DeleteHsmrr)rhsm_arnr"rrr delete_hsms zCloudHSMConnection.delete_hsmcCsd|i}|jdt|dS)z Deletes a client. :type client_arn: string :param client_arn: The ARN of the client to delete. ClientArnZDeleteLunaClientrr)r client_arnr"rrrdelete_luna_clientsz%CloudHSMConnection.delete_luna_clientcCsd|i}|jdt|dS)z Retrieves information about a high-availability partition group. :type hapg_arn: string :param hapg_arn: The ARN of the high-availability partition group to describe. r2Z DescribeHapgrrr3rrr describe_hapgs z CloudHSMConnection.describe_hapgcCs8i}|dk r||d<|dk r$||d<|jdt|dS)a Retrieves information about an HSM. You can identify the HSM by its ARN or its serial number. :type hsm_arn: string :param hsm_arn: The ARN of the HSM. Either the HsmArn or the SerialNumber parameter must be specified. :type hsm_serial_number: string :param hsm_serial_number: The serial number of the HSM. Either the HsmArn or the HsmSerialNumber parameter must be specified. Nr6ZHsmSerialNumberZ DescribeHsmrr)rr7Zhsm_serial_numberr"rrr describe_hsmszCloudHSMConnection.describe_hsmcCs8i}|dk r||d<|dk r$||d<|jdt|dS)a Retrieves information about an HSM client. :type client_arn: string :param client_arn: The ARN of the client. :type certificate_fingerprint: string :param certificate_fingerprint: The certificate fingerprint. Nr9ZCertificateFingerprintZDescribeLunaClientrr)rr:Zcertificate_fingerprintr"rrrdescribe_luna_clients z'CloudHSMConnection.describe_luna_clientcCs |||d}|jdt|dS)a Gets the configuration files necessary to connect to all high availability partition groups the client is associated with. :type client_arn: string :param client_arn: The ARN of the client. :type client_version: string :param client_version: The client version. :type hapg_list: list :param hapg_list: A list of ARNs that identify the high-availability partition groups that are associated with the client. )r9Z ClientVersionZHapgListZ GetConfigrr)rr:client_versionZ hapg_listr"rrr get_configszCloudHSMConnection.get_configcCsi}|jdt|dS)zk Lists the Availability Zones that have available AWS CloudHSM capacity. ZListAvailableZonesrr)rr"rrrlist_available_zones sz'CloudHSMConnection.list_available_zonescCs(i}|dk r||d<|jdt|dS)a Lists the high-availability partition groups for the account. This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListHapgs to retrieve the next set of items. :type next_token: string :param next_token: The NextToken value from a previous call to ListHapgs. Pass null if this is the first call. N NextTokenZ ListHapgsrrrZ next_tokenr"rrr list_hapgss zCloudHSMConnection.list_hapgscCs(i}|dk r||d<|jdt|dS)a Retrieves the identifiers of all of the HSMs provisioned for the current customer. This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListHsms to retrieve the next set of items. :type next_token: string :param next_token: The NextToken value from a previous call to ListHsms. Pass null if this is the first call. NrBZListHsmsrrrCrrr list_hsms+s zCloudHSMConnection.list_hsmscCs(i}|dk r||d<|jdt|dS)a Lists all of the clients. This operation supports pagination with the use of the NextToken member. If more results are available, the NextToken member of the response contains a token that you pass in the next call to ListLunaClients to retrieve the next set of items. :type next_token: string :param next_token: The NextToken value from a previous call to ListLunaClients. Pass null if this is the first call. NrBZListLunaClientsrrrCrrrlist_luna_clients@s z$CloudHSMConnection.list_luna_clientscCs<d|i}|dk r||d<|dk r(||d<|jdt|dS)a Modifies an existing high-availability partition group. :type hapg_arn: string :param hapg_arn: The ARN of the high-availability partition group to modify. :type label: string :param label: The new label for the high-availability partition group. :type partition_serial_list: list :param partition_serial_list: The list of partition serial numbers to make members of the high-availability partition group. r2NrZPartitionSerialListZ ModifyHapgrr)rr4r!Zpartition_serial_listr"rrr modify_hapgUszCloudHSMConnection.modify_hapgcCsld|i}|dk r||d<|dk r(||d<|dk r8||d<|dk rH||d<|dk rX||d<|jdt|d S) a Modifies an HSM. :type hsm_arn: string :param hsm_arn: The ARN of the HSM to modify. :type subnet_id: string :param subnet_id: The new identifier of the subnet that the HSM is in. :type eni_ip: string :param eni_ip: The new IP address for the elastic network interface attached to the HSM. :type iam_role_arn: string :param iam_role_arn: The new IAM role ARN. :type external_id: string :param external_id: The new external ID. :type syslog_ip: string :param syslog_ip: The new IP address for the syslog monitoring server. r6Nr$r&r%r'r(Z ModifyHsmrr)rr7r)r+r*r,r-r"rrr modify_hsmmszCloudHSMConnection.modify_hsmcCs||d}|jdt|dS)ai Modifies the certificate used by the client. This action can potentially start a workflow to install the new certificate on the client's HSMs. :type client_arn: string :param client_arn: The ARN of the client. :type certificate: string :param certificate: The new certificate for the client. )r9r/ZModifyLunaClientrr)rr:r0r"rrrmodify_luna_clients z%CloudHSMConnection.modify_luna_clientc Csd|j|f|jjdtt|d}|jdddi||d}|j|ddd}|d }t j ||j d kr~|rt |Sn8t |}|d d}|j||j} | |j |j|d dS) Nz%s.%szapplication/x-amz-json-1.1)z X-Amz-TargetHostz Content-TypezContent-LengthPOST/)methodpathZ auth_pathr"headersdata )ZsenderZoverride_num_retrieszutf-8Z__type)r) TargetPrefixr rstrlenZbuild_base_http_requestZ_mexereaddecodebotologdebugstatusrloadsget_faults ResponseErrorreason) rrrrO http_requestresponseZ response_bodyZ json_bodyZ fault_nameZexception_classrrrrs6        zCloudHSMConnection.make_request)NNNN)N)NN)NN)N)N)N)NN)NNNNN)%__name__ __module__ __qualname____doc__Z APIVersionrrZ ServiceNamerSrr_rrr r r^rrr#r.r1r5r8r;r<r=r>r@rArDrErFrGrHrIr __classcell__rrrrrsR  6           'r) rXZ boto.compatrZboto.connectionrZboto.regioninforZboto.exceptionrZ boto.cloudhsmrrrrrrs